make `must_change_password` attribute immutable after creation (#1422) #14

	name: Prerelease

	on:
	push:
	tags:
	- 'v[0-9]+.[0-9]+.[0-9]+-rc[0-9]+'

	jobs:
	build:
	runs-on: ubuntu-latest
	permissions:
	contents: write
	id-token: write
	steps:
	- uses: actions/checkout@v4
	- name: build binaries
	env:
	CROSS: 1
	VERSION: ${{ github.ref_name }}
	run: \|
	make build-rancher

	- name: package
	run: \|
	make package-rancher

	- name: retrieve GPG Credentials
	uses: rancher-eio/read-vault-secrets@main
	with:
	secrets: \|
	secret/data/github/repo/${{ github.repository }}/key/app-credentials passphrase \| GPG_PASSPHRASE ;
	secret/data/github/repo/${{ github.repository }}/key/app-credentials privateKey \| GPG_KEY

	- name: sign shasum
	env:
	GPG_KEY: ${{ env.GPG_KEY }}
	GPG_PASSPHRASE: ${{ env.GPG_PASSPHRASE }}
	run: \|
	echo "Importing gpg key"
	echo -n '${{ env.GPG_KEY }}' \| gpg --import --batch > /dev/null
	echo "signing SHASUM file"
	VERSION_NO_V="$(echo ${{ github.ref_name }} \| tr -d 'v')"
	SHASUM_FILE="dist/artifacts/${{ github.ref_name }}/terraform-provider-rancher2_${VERSION_NO_V}_SHA256SUMS"
	echo '${{ env.GPG_PASSPHRASE }}' \| gpg --detach-sig --pinentry-mode loopback --passphrase-fd 0 --output "${SHASUM_FILE}.sig" --sign "${SHASUM_FILE}"

	- name: GH release
	env:
	GH_TOKEN: ${{ github.token }}
	run: \|
	gh release create ${{ github.ref_name }} --prerelease --verify-tag --generate-notes ./dist/artifacts/${{ github.ref_name }}/*

Provide feedback